[Snort-users] Snort and Random ACK Scans

Brent Erickson erickson at ...239...
Wed Aug 2 13:38:46 EDT 2000


I am fairly new to Snort. I have run it on Linux and have been running it for 3 weeks on Windows NT. On Windows I am still running version 1.6 but with the latest 0727k rules, the backdoor rules, the vision rules and the scan-lib rules.

Will Snort alert on random ACK scans? I have tried running NMAP in the mode:

nmap -v -sA -PO -p6000-62000 target

Snort does not alert; however, Snort does catch and alert on the FIN and XMAS scans.

I have studied several of the rule sets and it seems like Snort would catch the ACK scans.

Am I doing something wrong?

We have been bombarded with random ACK scans in the last three weeks and we are trying to detect and log them, short of logging all of our traffic which would result in a huge log.

Thank you for your time and help.

Brent Erickson
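
Added example, not part of the original post and not Snort's own detection logic: one way to log only ACK-scan traffic rather than everything is to flag sources that send bare ACKs on flows with no observed handshake to many distinct ports. The function name, thresholds, record layout and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not captured traffic):
# (time, src, sport, dst, dport, tcp_flags)
SAMPLE = (
    # Normal client: handshake, then an ACK on the established flow.
    [(0.0, "192.0.2.10", 40000, "198.51.100.5", 80, "S"),
     (0.1, "198.51.100.5", 80, "192.0.2.10", 40000, "SA"),
     (0.2, "192.0.2.10", 40000, "198.51.100.5", 80, "A")]
    # Session older than the capture: no SYN seen, many ACKs, one port.
    + [(1.0 + i, "192.0.2.20", 41000, "198.51.100.5", 22, "A")
       for i in range(10)]
    # ACK scan: bare ACKs to a different port each time.
    + [(2.0 + i * 0.1, "203.0.113.9", 50000 + i, "198.51.100.5", 6000 + i, "A")
       for i in range(8)]
)

def detect_ack_scans(packets, min_ports=5, window=60.0):
    """Return {src: ports} for sources that send ACK-only packets on flows
    with no observed SYN to at least min_ports distinct (dst, port) pairs
    within `window` seconds. Ports are those seen when the alert fired."""
    known = set()              # flows on which a SYN or SYN/ACK was seen
    stray = defaultdict(list)  # src -> [(time, dst, dport)] of unsolicited ACKs
    alerts = {}
    for ts, src, sport, dst, dport, flags in sorted(packets):
        flow = frozenset([(src, sport), (dst, dport)])
        if "S" in flags:
            known.add(flow)
            continue
        if flags != "A" or flow in known:
            continue  # not a bare ACK, or it belongs to a tracked session
        hits = stray[src]
        hits.append((ts, dst, dport))
        # Drop hits that have aged out of the sliding window.
        hits[:] = [h for h in hits if ts - h[0] <= window]
        targets = {(d, p) for _, d, p in hits}
        # Repeated ACKs to one port (a pre-existing session) stay at 1 target.
        if len(targets) >= min_ports and src not in alerts:
            alerts[src] = sorted(p for _, p in targets)
    return alerts

if __name__ == "__main__":
    for src, ports in detect_ack_scans(SAMPLE).items():
        print(f"possible ACK scan from {src}: ports {ports}")
```

A scan paced slower than the window stays under the threshold, so the window and port count need tuning against the traffic being watched.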